	| @@ -54,10 +54,6 @@ func runACME(listenAddr string, m http.Handler) error { | ||||
| 		altTLSALPNPort = p | ||||
| 	} | ||||
|  | ||||
| 	// FIXME: this path is not right, it uses "AppWorkPath" incorrectly, and writes the data into "AppWorkPath/https" | ||||
| 	// Ideally it should migrate to AppDataPath write to "AppDataPath/https" | ||||
| 	certmagic.Default.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory} | ||||
| 	magic := certmagic.NewDefault() | ||||
| 	// Try to use private CA root if provided, otherwise defaults to system's trust | ||||
| 	var certPool *x509.CertPool | ||||
| 	if setting.AcmeCARoot != "" { | ||||
| @@ -67,7 +63,13 @@ func runACME(listenAddr string, m http.Handler) error { | ||||
| 			log.Warn("Failed to parse CA Root certificate, using default CA trust: %v", err) | ||||
| 		} | ||||
| 	} | ||||
| 	myACME := certmagic.NewACMEIssuer(magic, certmagic.ACMEIssuer{ | ||||
| 	// FIXME: this path is not right, it uses "AppWorkPath" incorrectly, and writes the data into "AppWorkPath/https" | ||||
| 	// Ideally it should migrate to AppDataPath write to "AppDataPath/https" | ||||
| 	// And one more thing, no idea why we should set the global default variables here | ||||
| 	// But it seems that the current ACME code needs these global variables to make renew work. | ||||
| 	// Otherwise, "renew" will use incorrect storage path | ||||
| 	certmagic.Default.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory} | ||||
| 	certmagic.DefaultACME = certmagic.ACMEIssuer{ | ||||
| 		CA:                      setting.AcmeURL, | ||||
| 		TrustedRoots:            certPool, | ||||
| 		Email:                   setting.AcmeEmail, | ||||
| @@ -77,8 +79,10 @@ func runACME(listenAddr string, m http.Handler) error { | ||||
| 		ListenHost:              setting.HTTPAddr, | ||||
| 		AltTLSALPNPort:          altTLSALPNPort, | ||||
| 		AltHTTPPort:             altHTTPPort, | ||||
| 	}) | ||||
| 	} | ||||
|  | ||||
| 	magic := certmagic.NewDefault() | ||||
| 	myACME := certmagic.NewACMEIssuer(magic, certmagic.DefaultACME) | ||||
| 	magic.Issuers = []certmagic.Issuer{myACME} | ||||
|  | ||||
| 	// this obtains certificates or renews them if necessary | ||||
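Review bot: `TrustedRoots: certPool` is now stored in the package-level `certmagic.DefaultACME`, so when the CA root cannot be parsed (the `log.Warn` context line at the top of the second hunk) a nil pool is published globally. As far as these hunks show, every later issuance and renewal would then trust the system roots rather than the private CA the operator configured. If `setting.AcmeCARoot` is set but unusable, returning an error from `runACME` would be safer than falling back; the parsing code is outside the hunk, so confirm there. The new comment's "no idea why" is also worth replacing once verified, for example with `// certmagic's background renewal builds its config from certmagic.Default / DefaultACME, so storage and issuer settings must be set on the globals`.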
|   | ||||
| @@ -169,20 +169,24 @@ func loadServerFrom(rootCfg ConfigProvider) { | ||||
| 	HTTPAddr = sec.Key("HTTP_ADDR").MustString("0.0.0.0") | ||||
| 	HTTPPort = sec.Key("HTTP_PORT").MustString("3000") | ||||
|  | ||||
| 	// DEPRECATED should not be removed because users maybe upgrade from lower version to the latest version | ||||
| 	// if these are removed, the warning will not be shown | ||||
| 	if sec.HasKey("ENABLE_ACME") { | ||||
| 		EnableAcme = sec.Key("ENABLE_ACME").MustBool(false) | ||||
| 	} else { | ||||
| 		deprecatedSetting(rootCfg, "server", "ENABLE_LETSENCRYPT", "server", "ENABLE_ACME", "v1.19.0") | ||||
| 		EnableAcme = sec.Key("ENABLE_LETSENCRYPT").MustBool(false) | ||||
| 	} | ||||
|  | ||||
| 	Protocol = HTTP | ||||
| 	protocolCfg := sec.Key("PROTOCOL").String() | ||||
| 	if protocolCfg != "https" && EnableAcme { | ||||
| 		log.Fatal("ACME could only be used with HTTPS protocol") | ||||
| 	} | ||||
|  | ||||
| 	switch protocolCfg { | ||||
| 	case "https": | ||||
| 		Protocol = HTTPS | ||||
|  | ||||
| 		// DEPRECATED should not be removed because users maybe upgrade from lower version to the latest version | ||||
| 		// if these are removed, the warning will not be shown | ||||
| 		if sec.HasKey("ENABLE_ACME") { | ||||
| 			EnableAcme = sec.Key("ENABLE_ACME").MustBool(false) | ||||
| 		} else { | ||||
| 			deprecatedSetting(rootCfg, "server", "ENABLE_LETSENCRYPT", "server", "ENABLE_ACME", "v1.19.0") | ||||
| 			EnableAcme = sec.Key("ENABLE_LETSENCRYPT").MustBool(false) | ||||
| 		} | ||||
| 		if EnableAcme { | ||||
| 			AcmeURL = sec.Key("ACME_URL").MustString("") | ||||
| 			AcmeCARoot = sec.Key("ACME_CA_ROOT").MustString("") | ||||
| @@ -210,6 +214,9 @@ func loadServerFrom(rootCfg ConfigProvider) { | ||||
| 				deprecatedSetting(rootCfg, "server", "LETSENCRYPT_EMAIL", "server", "ACME_EMAIL", "v1.19.0") | ||||
| 				AcmeEmail = sec.Key("LETSENCRYPT_EMAIL").MustString("") | ||||
| 			} | ||||
| 			if AcmeEmail == "" { | ||||
| 				log.Fatal("ACME Email is not set (ACME_EMAIL).") | ||||
| 			} | ||||
| 		} else { | ||||
| 			CertFile = sec.Key("CERT_FILE").String() | ||||
| 			KeyFile = sec.Key("KEY_FILE").String() | ||||
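Review bot: The fatal message on the new `protocolCfg != "https" && EnableAcme` check does not name the settings involved, unlike the `ACME_EMAIL` message added in the last hunk. Because `EnableAcme` can also come from the deprecated `ENABLE_LETSENCRYPT` key, an operator upgrading with that key and a non-HTTPS `PROTOCOL` now stops at startup with no hint about which key to change. Something like `log.Fatal("ACME (ENABLE_ACME / ENABLE_LETSENCRYPT) requires PROTOCOL = https, got %q", protocolCfg)` would make the refusal actionable. A one-line comment above the check would also help, such as `// refuse to start rather than ignore ENABLE_ACME when TLS is off`, given that the old read sat inside `case "https"`. `loadServerFrom` begins and ends outside the hunks shown.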
|   | ||||